work-mvp

SUSPICIOUS: the stated purpose matches a dev-workflow orchestration skill, and there is no clear credential harvesting or exfiltration. However, the skill’s core behavior depends on an unverified `lev` binary and passes session-generated steps into that executor, creating a high install/execution-trust risk disproportionate to the limited provenance evidence provided.